May 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2805) Use Xalan from JRE rather than our own fork

by Peter Palaga (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2805?page=com.atlassian.jira.plugi... ] Peter Palaga commented on WFCORE-2805: -------------------------------------- I added tests for 2) in {{EmbeddedXsltProcessorTestCase}} and for 3) in {{XsltProcessorInModuleTestCase}} in https://github.com/ppalaga/wildfly/tree/WFCORE-2805 at c615766 All tested scenarios pass both before and after replacing the custom Xalan module with the implementation from the JRE. I am still waiting for an answer ad 4) bq. What is the user currently supposed to do to change the container wide default JAXP impl? > Use Xalan from JRE rather than our own fork > ------------------------------------------- > > Key: WFCORE-2805 > URL: https://issues.jboss.org/browse/WFCORE-2805 > Project: WildFly Core > Issue Type: Task > Reporter: Peter Palaga > Assignee: Peter Palaga > > As proposed by [~wolfc] we want to check if we can get rid of maintaining our own fork of Xalan. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8862) Wrong schema version in several .xsd files

by Aurel Pintea (JIRA)

[ https://issues.jboss.org/browse/WFLY-8862?page=com.atlassian.jira.plugin.... ] Aurel Pintea updated WFLY-8862: ------------------------------- Description: Some schemas in ${EAP_HOME}/docs/schema have wrong version specified. (was: Some schemas in ${EAP_HOME}/docs/schema has wrong version specified.) > Wrong schema version in several .xsd files > ------------------------------------------ > > Key: WFLY-8862 > URL: https://issues.jboss.org/browse/WFLY-8862 > Project: WildFly > Issue Type: Bug > Reporter: Aurel Pintea > Assignee: Aurel Pintea > Priority: Minor > > Some schemas in ${EAP_HOME}/docs/schema have wrong version specified. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8862) Wrong schema version in several .xsd files

by Aurel Pintea (JIRA)

Aurel Pintea created WFLY-8862: ---------------------------------- Summary: Wrong schema version in several .xsd files Key: WFLY-8862 URL: https://issues.jboss.org/browse/WFLY-8862 Project: WildFly Issue Type: Bug Reporter: Aurel Pintea Assignee: Aurel Pintea Priority: Minor Some schemas in ${EAP_HOME}/docs/schema has wrong version specified. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-1214) Elytron LocalUserServer Overrides finalize method

by Martin Choma (JIRA)

Martin Choma created ELY-1214: --------------------------------- Summary: Elytron LocalUserServer Overrides finalize method Key: ELY-1214 URL: https://issues.jboss.org/browse/ELY-1214 Project: WildFly Elytron Issue Type: Bug Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Critical {{finalize}} method can be called even when object is still in use [1]. Please change LocalUserServer not to rely on finalize() method {code:java|title=LocalUserServer.java} @Override protected void finalize() throws Throwable { deleteChallenge(); } {code} [1] https://www.infoq.com/articles/Fatal-Flaw-Finalizers-Phantoms -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-1214) Elytron LocalUserServer Overrides finalize method

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1214?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1214: ------------------------------ Description: {{finalize()}} method can be called even when object is still in use [1]. Please change LocalUserServer not to rely on {{finalize()}} method {code:java|title=LocalUserServer.java} @Override protected void finalize() throws Throwable { deleteChallenge(); } {code} [1] https://www.infoq.com/articles/Fatal-Flaw-Finalizers-Phantoms was: {{finalize}} method can be called even when object is still in use [1]. Please change LocalUserServer not to rely on finalize() method {code:java|title=LocalUserServer.java} @Override protected void finalize() throws Throwable { deleteChallenge(); } {code} [1] https://www.infoq.com/articles/Fatal-Flaw-Finalizers-Phantoms > Elytron LocalUserServer Overrides finalize method > ------------------------------------------------- > > Key: ELY-1214 > URL: https://issues.jboss.org/browse/ELY-1214 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Critical > > {{finalize()}} method can be called even when object is still in use [1]. Please change LocalUserServer not to rely on {{finalize()}} method > {code:java|title=LocalUserServer.java} > @Override > protected void finalize() throws Throwable { > deleteChallenge(); > } > {code} > [1] https://www.infoq.com/articles/Fatal-Flaw-Finalizers-Phantoms -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2891) Regresion in DR17, elytron returns 401 instead of 500.

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2891?page=com.atlassian.jira.plugi... ] Jan Kalina moved JBEAP-11238 to WFCORE-2891: -------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-2891 (was: JBEAP-11238) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Security (was: Security) Affects Version/s: 3.0.0.Beta23 (was: 7.1.0.DR17) > Regresion in DR17, elytron returns 401 instead of 500. > ------------------------------------------------------ > > Key: WFCORE-2891 > URL: https://issues.jboss.org/browse/WFCORE-2891 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta23 > Reporter: Jan Kalina > Assignee: Jan Kalina > Priority: Critical > > There is regression against DR16. When Elytron kerberos security factory is misconfigured - wrong principal name - 401 is returned. Till DR16 it was 500. > IMO 500 is more appropriate in this case as server is misconfigured and authenticatoin is not possible at all. > But 401 means user can try authenticate with another credential. Also there is no other authentication mechanism configured, which could be tried to authenticate - just SPNEGO. > {code:title=server.log} > 09:26:33,615 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' > 09:26:33,616 TRACE [org.wildfly.security] (default task-1) Evaluating SPNEGO request: cached GSSContext = null > 09:26:33,617 TRACE [org.wildfly.security] (default task-1) Obtaining GSSCredential for the service from callback handler... > 09:26:33,617 TRACE [org.wildfly.security] (default task-1) No valid cached credential, obtaining new one... > 09:26:33,618 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject: > ] > 09:26:33,623 INFO [stdout] (default task-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab refreshKrb5Config is false principal is WRONG_SERVICE/wrong.host tryFirstPass is false useFirstPass is false storePass is false clearPass is false > 09:26:33,626 INFO [stdout] (default task-1) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-3763796955751468261.conf > 09:26:33,626 INFO [stdout] (default task-1) Loaded from Java config > 09:26:33,627 INFO [stdout] (default task-1) principal is WRONG_SERVICE/wrong.host(a)JBOSS.ORG > 09:26:33,628 INFO [stdout] (default task-1) Will use keytab > 09:26:33,628 INFO [stdout] (default task-1) Commit Succeeded > 09:26:33,628 INFO [stdout] (default task-1) > 09:26:33,628 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject: > Principal: WRONG_SERVICE/wrong.host(a)JBOSS.ORG > Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG > ] succeed > 09:26:33,630 TRACE [org.wildfly.security] (default task-1) Creating GSSName for Principal 'WRONG_SERVICE/wrong.host(a)JBOSS.ORG' > 09:26:33,634 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG > 09:26:33,635 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG > 09:26:33,635 TRACE [org.wildfly.security] (default task-1) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f] > 09:26:33,636 TRACE [org.wildfly.security] (default task-1) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null > 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@3409081b] > 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching GSSContext sun.security.jgss.GSSContextImpl@480e78a0 > 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching KerberosTicket null > 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Sent HTTP authorizations: [null] > 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Request lacks valid authentication credentials > 09:26:33,666 WARN [org.apache.http.impl.auth.HttpAuthenticator] (main) NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) > 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' > 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Evaluating SPNEGO request: cached GSSContext = null > 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Obtaining GSSCredential for the service from callback handler... > 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Used cached GSSCredential [[GSSCredential: > WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential] > WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]] > 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null > 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@b065a6e] > 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Caching GSSContext sun.security.jgss.GSSContextImpl@5c1a57e > 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Caching KerberosTicket null > 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Sent HTTP authorizations: [null] > 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Request lacks valid authentication credentials > Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false > Refreshing Kerberos configuration > [Krb5LoginModule] user entered username: jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025 > principal is jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025(a)JBOSS.ORG > Commit Succeeded > 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' > 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Evaluating SPNEGO request: cached GSSContext = null > 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Obtaining GSSCredential for the service from callback handler... > 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Used cached GSSCredential [[GSSCredential: > WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential] > WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]] > 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null > 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@ee77462] > 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching GSSContext sun.security.jgss.GSSContextImpl@209bce > 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching KerberosTicket null > 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Sent HTTP authorizations: [null] > 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Request lacks valid authentication credentials > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Evaluating SPNEGO request: cached GSSContext = null > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Obtaining GSSCredential for the service from callback handler... > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Used cached GSSCredential [[GSSCredential: > WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential] > WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]] > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@511a63e2] > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching GSSContext sun.security.jgss.GSSContextImpl@5fdd87b1 > 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching KerberosTicket null > 09:26:33,759 TRACE [org.wildfly.security] (default task-4) Sent HTTP authorizations: [Negotiate YIIE1gYGKwYBBQUCoIIEyjCCBMagDTALBgkqhkiG9xIBAgKhBAMCAfaiggStBIIEqWCCBKUGCSqGSIb3EgECAgEAboIElDCCBJCgAwIBBaEDAgEOogcDBQAgAAAAo4IBKGGCASQwggEgoAMCAQWhCxsJSkJPU1MuT1JHoigwJqADAgEAoR8wHRsESFRUUBsVbG9jYWxob3N0LmxvY2FsZG9tYWluo4HhMIHeoAMCARGigdYEgdNZUz5w85v5Lg3rdGjYo4b+X5C6BpUMjg7SMoS+xl5ChgJMY0VQjvizbudYm0UXRRHgDXLE8rH1dx4VjK/yZ4W7GL4yP7wqrZLu9bqG+V6bNu0q5OijcV08XzwvE2EuL7SLhJ+3MtGsAclO/BkZwppYuMMJzFPN0nwguITxE8m+9Y/X+ikRtM2XsXINqduMFM5BfAZIcskA0yQ6ZqqB/gtDq6VGWKZ+KMr9fAMVfqH3DFE+Rwm4Ei6WMg2sJ9bAGpZgHOKjYhQDvMa49fxDth5tL8COpIIDTTCCA0mgAwIBEaKCA0AEggM82CoQag7UyA/xrAduZ14kwQUQiFvL0FNubJqi+r+hDtVd+ip549Veh7/XqskzaSQ/5+MJUhbx879YxkEUrUnnmnkQvtVxlZo7bhQMhhbuoJCA8aeBwOsBLd/DMvk9FxjP7axEfOSB2ENZ02mvEPqy8c039rGmWKpgimrJOjn9v3MkIV6dTtYVutdyW9o9cJGzT2+qOcOcylS19u2MNzIYH5XcpMWzGAX+ij7jNy/w7jHWnh7eXgl89et4L0zNVSsRmSNG6/95/zqvzAUpgmM6OyMTT2Zpd79vFAL/rI9bTsFCkGzB0pBFhcEuNmNiaLD3xKTLzsEpJqruue+7+FYmF9vOFTy1mFxMt5twkkGC48x8bPLFf2F8RAXKlrZp5HAD3MbmrTdCOzFW77yzFbCrCB1Fw0qtzLuWFZFJnMtZL4074WmOMR9upTNR6D76yhUJw8+HV5iPpJzxq84usRUI/jHkF7TdBJll0MpJQbXJMteYGAVp04jaisKsAQVPLfcmgEuamb9nrdTJ3E+zkviB80NhK2JwTZzsnGIudoPWaSl7eM7/XajgM/9MFwWkiB/z7iCtiXdrTLkJg0ZQeBlImNK6MO79NHaO6e5fG+jKEd7SuEa/MJmBRCpTjkc3g87N5wDMzz16wmzgRE96AoF9vS9hJaoM6CkPSigvno1x5A+e4e3+kOObY1QYzR5bJLwG+kzQGhKxkjI5CwS9M0rVkvxIU+BEIWgVCp8447EtXFmrsbREAwQ432kbTDdQLJZeUDjJFY9aoqVoUpePukD3H92icwvQkEvahm6U2q3bstLSKq47VRwtJr7q28PLllFlkFI7WPbsOgl5ZZ+SzvleskVPvNoX5I+HyQJHLO3cz/DGRpswGLxTmCSpRYe3Ul/33AE+sSnhqC9Ndl8e+z7uZgVaCMZci8JJ2/ZUfv72BDKou4BiFIo+G6IzFEFMs0O+x8fueJ/3aKoHSxV5WEANhW9W8mzpewf0wvYojlRL4zgAorVCamSIuG3OB4vq5OSlDEC9raRTR5Sl2EU+5WvDF2UzA6VDpkb58DGVm8FA7O5JFehY7ErEyD8gTM98i5FCK+kUORguAXK3fKVt] > 09:26:33,759 TRACE [org.wildfly.security] (default task-4) Processing incoming response to a challenge... > 09:26:33,764 INFO [stdout] (default task-4) Entered Krb5Context.acceptSecContext with state=STATE_NEW > 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG > 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP > 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 79; type: 16 > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 87; type: 18 > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 63; type: 3 > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain > 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 17 > 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG > 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP > 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain > 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 23 > 09:26:33,770 INFO [stdout] (default task-4) Looking for keys for: WRONG_SERVICE/wrong.host(a)JBOSS.ORG > 09:26:33,816 TRACE [org.wildfly.security] (default task-4) GSSContext message exchange failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96) > at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856) > at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) > at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) > at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906) > at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556) > at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) > at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) > at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.lambda$evaluateRequest$2(SpnegoAuthenticationMechanism.java:164) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:164) > at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) > at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) > at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96 > at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278) > at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149) > at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108) > at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829) > ... 47 more > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-1213) Remove match-purpose from Elytron

by Ondrej Lukas (JIRA)

Ondrej Lukas created ELY-1213: --------------------------------- Summary: Remove match-purpose from Elytron Key: ELY-1213 URL: https://issues.jboss.org/browse/ELY-1213 Project: WildFly Elytron Issue Type: Bug Reporter: Ondrej Lukas Assignee: Darran Lofthouse Priority: Blocker Match purpose should be entirely removed, see [1]. It means it should be removed from API, Elytron subsystem and Elytron client configuration file. We request blocker flag to avoid situation where match-purpose occurs in GA. [1] https://issues.jboss.org/browse/JBEAP-11144?focusedCommentId=13413867&pag... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-1213) Remove match-purpose from Elytron

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/ELY-1213?page=com.atlassian.jira.plugin.s... ] Ondrej Lukas updated ELY-1213: ------------------------------ Affects Version/s: 1.1.0.Beta47 > Remove match-purpose from Elytron > --------------------------------- > > Key: ELY-1213 > URL: https://issues.jboss.org/browse/ELY-1213 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta47 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Blocker > > Match purpose should be entirely removed, see [1]. It means it should be removed from API, Elytron subsystem and Elytron client configuration file. > We request blocker flag to avoid situation where match-purpose occurs in GA. > [1] https://issues.jboss.org/browse/JBEAP-11144?focusedCommentId=13413867&pag... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Jan Kalina closed ELY-970. -------------------------- Fix Version/s: 1.1.0.Beta48 Resolution: Cannot Reproduce Bug Unable to reproduce nor by original reporter - closing. > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Affects Versions: 1.1.0.Beta25 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Critical > Fix For: 1.1.0.Beta48 > > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Jan Kalina reassigned ELY-970: ------------------------------ Assignee: Jan Kalina (was: Darran Lofthouse) > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Affects Versions: 1.1.0.Beta25 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Critical > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira May 2017